IN THE CLAIMS 

1 . (Currently amended) A method of generating a representation of an access control list, the 
representation being utilizable in a processor, the method comprising the steps of: 

determining a plurality of rules of the access control list, each of at least a subset of 
the rules having a plurality of fields and a corresponding action; and 

processing the rules to generate a multi-level tree representation of the access control 
list, each of one or more of the levels of the tree representation being associated with a 
corresponding one of the fields; 

wherein at least one level of the tree representation comprises a plurality of nodes, 
with two or more of the nodes of that level having a common subtree, the tree representation 
including only a single copy of that subtree , the subtree comprising at least one node that is not a 
leaf node of the tree representation ; 

the tree representation being characterizable as a directed graph in which each of the 
two nodes having the common subtree points to the single copy of the common subtree. 

2. (Original) The method of claim 1 wherein the common subtree is implemented at least in 
part as a matching table. 

3. (Original) The method of claim 1 wherein the plurality of fields comprises at least first and 
second fields, the first field comprising a source address field and the second field comprising a 
destination address field. 

4. (Original) The method of claim 1 wherein a final level of the tree representation comprises 
a plurality of leaf nodes, each associated with one of the actions of the plurality of rules. 

5. (Original) The method of claim 1 wherein the at least one level of the tree representation 
comprises a root level of the tree representation. 

6. (Original) The method of claim 5 wherein a second level of the tree representation 
includes a plurality of nodes, each being associated with a subtree of a given one of the plurality of 
nodes of the root level of the tree representation. 
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7. (Original) The method of claim 1 wherein for each level of the tree representation that 
corresponds to a field of a rule of the access control list, a master list of nodes is maintained, each 
node comprising at least one of information characterizing one or more field values associated with 
that node, one or more subtree pointers for that node, and a reference count indicating how many 
ancestor nodes are pointing to that node. 

8. (Original) The method of claim 7 wherein the tree representation is generated by 
sequentially processing the rules of the access control list, the processing for a given rule comprising 
applying values of fields of the given rule to one or more existing nodes of the tree representation, 
and wherein when a particular value of a field of the given rule is applied to a given node, a copy is 
made of the node, the field value is applied to the copied node, and the resultant updated node is 
added to the master list of the corresponding level. 

9. (Original) The method of claim 8 wherein the updated node is compared with other nodes 
of the master list and if a duplicate node is found, the copied node is deleted and a pointer to the 
duplicate node is provided to an ancestor node that points to the given node, a subtree pointer of the 
ancestor node is updated to the duplicate node pointer, a reference count of the duplicate node now 
pointed to by the ancestor node is incremented and a reference count of the given node previously 
pointed to by the ancestor node is decremented. 

10. (Original) The method of claim 9 wherein if a duplicate node is found in the master list, 
that duplicate node is moved to an initial position in the master list. 

1 1 . (Original) The method of claim 7 wherein for each node in the master list, a copy pointer 
is maintained, and wherein when a copied node is compared to the master list and a duplicate node is 
found, the copied node is added as a copy to the master list for use in conjunction with the 
processing of a subsequent rule. 
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12. (Original) The method of claim 7 wherein for each node in the master list, a signature is 
maintained in order to facilitate node comparisons, a full comparison of node subtrees being 
performed only if a match is obtained between node signatures. 

1 3 . (Original) The method of claim 12 wherein the signature for a given node is generated as 
a function of at least one of a field value and a subtree pointer. 

14. (Original) The method of claim 1 wherein the corresponding actions include at least an 
accept action and a deny action. 

15. (Original) The method of claim 1 further including the step of storing at least a portion of 
the tree representation in memory circuitry accessible to the processor. 

16. (Original) The method of claim 1 further including the step of utilizing the stored tree 
representation to perform an access control list based function in the processor. 

17. (Original) The method of claim 16 wherein the access control list based function 
comprises packet filtering. 

18. (Currently amended) An apparatus configured for performing one or more processing 
operations utilizing a representation of an access control list, the access control list comprising a 
plurality of rules, each of at least a subset of the rules having a plurality of fields and a 
corresponding action, the apparatus comprising: 

a processor having memory circuitry associated therewith; 

the memory circuitry being configured for storing at least a portion of a multi-level 
tree representation of the access control list, each of one or more of the levels of the tree 
representation being associated with a corresponding one of the fields; 

the processor being operative to utilize the stored tree representation to perform an 
access control list based function; 

wherein at least one level of the tree representation comprises a plurality of nodes, 
with two or more of the nodes having a common subtree, the tree representation including only a 
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single copy of that subtree , the subtree comprising at least one node that is not a leaf node of the tree 
representation : 

the tree representation being characterizable as a directed graph in which each of the 
two nodes having the common subtree points to the single copy of the common subtree. 

1 9 . (Original) The apparatus of claim 1 8 wherein the memory circuitry comprises at least one 
of internal memory and external memory of the processor. 

20. (Currently amended) An article of manufacture comprising a machine-readable storage 
medium having program code stored thereon, the program code generating a representation of an 
access control list, the representation being utilizable in a processor, wherein the program code when 
executed implements the steps of: 

determining a plurality of rules of the access control list, each of at least a subset of 
the rules having a plurality of fields and a corresponding action; and 

processing the rules to generate a multi-level tree representation of the access control 
list, each of one or more of the levels of the tree representation being associated with a 
corresponding one of the fields; 

wherein at least one level of the tree representation comprises a plurality of nodes, 
with two or more of the nodes of that level having a common subtree, the tree representation 
including only a single copy of that subtree , the subtree comprising at least one node that is not a 
leaf node of the tree representation ; 

the tree representation being characterizable as a directed graph in which each of the 
two nodes having the common subtree points to the single copy of the common subtree. 
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